To all CISOs, cybersecurity managers, and fraud prevention experts out there — pull up a chair. We need to talk about something both utterly shocking and yet unbelievably common.
It’s about the recent McDonald’s data breach that affected 64 million job applicants through a vulnerability so basic it’s almost cartoonish: the password “123456.”
The Golden Arches’ Glaring Security Gap
This wasn’t a sophisticated nation-state attack or a zero-day exploit. This was a facepalm moment brought to you by a third-party AI system, Paradox.ai, which provides the McHire platform for screening candidates.
Security researchers Ian Carroll and Sam Curry uncovered the hole. While initially looking for prompt injection vulnerabilities in the AI chatbot “Olivia,” they stumbled upon a login link for Paradox.ai staff. What happened next is almost unbelievable for a company of McDonald’s stature: they tried common credentials — including “123456” for both username and password — and it worked. This simple password granted them administrator access to a test McDonald’s restaurant on McHire, without multi-factor authentication.
The compromised account was a test account that had not been logged into since 2019 and “should have been decommissioned.” With that oversight, they had access to “virtually every application that’s ever been made to McDonald’s going back years” — names, email addresses, phone numbers, and IP addresses of 64 million job applicants.
“The McDonald’s breach is a stark reminder that your most sophisticated firewalls and cutting-edge threat detection systems can be utterly bypassed by the simplest weak link: a compromised credential.”
The Achilles’ Heel: Reused and Compromised Credentials
Why is this such a prevalent problem? Because users — whether customers, employees, or third-party vendors — often reuse credentials across many sites and accounts. A staggering 52% of US adults reuse the same password across two or more accounts, and 13% admit to using the same password for ALL their accounts.
This habit is the fuel for devastating attacks like credential stuffing, where credential pairs obtained from one source are used to attack other systems. Even when MFA is enforced, gaps can exist — especially with third-party applications — making the security of the “first factor” paramount. Employees’ use of company credentials outside of work was observed in 40% of data breaches.
The Easiest, Most Effective Defense: Proactive Credential Screening
Screening credentials for your corporation’s customers, employees, and vendors is one of the easiest, most accurate, and most effective ways to drastically reduce unauthorized access to your corporate and customer data. This isn’t about blaming users for their password habits — it’s about putting robust systems in place that protect your organization despite those habits.
Active Directory Audit: Directly scans your Active Directory to identify compromised employee and vendor credentials against a repository of known compromised credentials. Addresses weak credentials that can lead to initial compromise and lateral movement.
Compromised Credential Screening: Detects if compromised credentials are being used by consumers and/or employees at key events like account creation, login, and password changes — focusing on credential pairs to significantly reduce false positives and unnecessary friction. Built on an ever-expanding database of 35+ billion unique compromised credential pairs, growing by 15 million new pairs daily.
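The screening described above can be sketched in a few lines. The Python below is an added illustration, not code from myNetWatchman, Paradox.ai or the McHire platform: it checks a credential at the three key events against a constructed breach corpus, contrasts pair matching with password-only matching to show where the false positives come from, and flags dormant accounts like the 2019 test account. The corpus, the 365-day idle threshold and the function names are assumptions.

```python
import hashlib
from datetime import date

def _sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def _pair_hash(username: str, password: str) -> str:
    # Normalise the username so "Admin" and "admin" map to the same pair.
    return _sha256(f"{username.strip().lower()}:{password}")

# Constructed sample breach corpus (not real leaked data). Leaked pairs are kept
# only as hashes so the screening service never stores plaintext credentials.
_LEAKED = [("admin", "123456"), ("jdoe@example.com", "Summer2023!")]
COMPROMISED_PAIRS = {_pair_hash(u, p) for u, p in _LEAKED}
COMPROMISED_PASSWORDS = {_sha256(p) for _, p in _LEAKED}

# Passwords too common to accept for anyone, regardless of breach data.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678"}

SCREENED_EVENTS = {"account_creation", "login", "password_change"}

def screen_credential(event, username, password, pair_mode=True):
    """Return (allowed, reason) for a credential presented at a key event.

    pair_mode=True checks the (username, password) pair: it flags only accounts
    whose exact credentials have leaked, which is what keeps false positives low.
    pair_mode=False blocks any password seen in any breach, whoever leaked it.
    """
    if event not in SCREENED_EVENTS:
        return True, "event not screened"
    if password in COMMON_PASSWORDS:
        return False, "password is on the common-password blocklist"
    if _pair_hash(username, password) in COMPROMISED_PAIRS:
        return False, "credential pair is known compromised"
    if not pair_mode and _sha256(password) in COMPROMISED_PASSWORDS:
        return False, "password appears in breach data (for another account)"
    return True, "no match"

def is_dormant(last_login_iso: str, today_iso: str, max_idle_days: int = 365) -> bool:
    """Flag accounts, test accounts included, that should have been decommissioned."""
    idle = date.fromisoformat(today_iso) - date.fromisoformat(last_login_iso)
    return idle.days > max_idle_days

if __name__ == "__main__":
    print(screen_credential("login", "admin", "123456"))
    print(screen_credential("login", "alice", "Summer2023!"))         # pair mode: allowed
    print(screen_credential("login", "alice", "Summer2023!", False))  # password-only: blocked
    print("dormant:", is_dormant("2019-06-01", "2025-07-01"))
```

The third call shows the friction the page mentions: alice's own password happens to match one leaked for a different account, and only password-only screening turns that into a block.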
Don’t let your organization be the next cautionary tale because of a “123456” moment.
The mechanics of how email became the digital economy’s most consequential vulnerability, the case studies that should have changed everything, and what a continuous intelligence approach actually looks like — all documented in “The Lying Gatekeeper,” a special report from myNetWatchman.